Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2024-12-29 10:25:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1418 commits 8 branches 2369 tags 481 MiB
Commit graph

4 commits

Author SHA1 Message Date
Patrick J Volkerding
46995c4798 Sat Jun 22 20:05:28 UTC 2024 
patches/packages/emacs-29.4-x86_64-1_slack15.0.txz:  Upgraded.
  Emacs 29.4 is an emergency bugfix release intended to fix a
  security vulnerability:
  Arbitrary shell commands are no longer run when turning on Org mode.
  This is for security reasons, to avoid running malicious commands.
  (* Security fix *)
 2024-06-23 13:30:49 +02:00
Patrick J Volkerding
88c375df6b Tue Apr 23 22:24:03 UTC 2024 
patches/packages/ruby-3.0.7-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Arbitrary memory address read vulnerability with Regex search.
  RCE vulnerability with .rdoc_options in RDoc.
  Buffer overread vulnerability in StringIO.
  For more information, see:
    https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
    https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/
    https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/
    https://www.cve.org/CVERecord?id=CVE-2024-27282
    https://www.cve.org/CVERecord?id=CVE-2024-27281
    https://www.cve.org/CVERecord?id=CVE-2024-27280
  (* Security fix *)
 2024-04-24 13:30:50 +02:00
Patrick J Volkerding
9543d326f2 Sun Mar 24 18:21:46 UTC 2024 
patches/packages/emacs-29.3-x86_64-1_slack15.0.txz:  Upgraded.
  GNU Emacs through 28.2 allows attackers to execute commands via shell
  metacharacters in the name of a source-code file, because lib-src/etags.c
  uses the system C library function in its implementation of the ctags
  program. For example, a victim may use the "ctags *" command (suggested in
  the ctags documentation) in a situation where the current working directory
  has contents that depend on untrusted input.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-45939
  (* Security fix *)
 2024-03-25 13:30:45 +01:00
Patrick J Volkerding
d17567f359 Thu Dec 8 22:48:34 UTC 2022 
patches/packages/emacs-27.2-x86_64-2_slack15.0.txz:  Rebuilt.
  GNU Emacs through 28.2 allows attackers to execute commands via shell
  metacharacters in the name of a source-code file, because lib-src/etags.c
  uses the system C library function in its implementation of the ctags
  program. For example, a victim may use the "ctags *" command (suggested in
  the ctags documentation) in a situation where the current working directory
  has contents that depend on untrusted input.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-45939
  (* Security fix *)
patches/packages/vim-9.0.1034-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes various security issues such as a heap-based buffer
  overflow and use after free.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-4141
    https://www.cve.org/CVERecord?id=CVE-2022-3591
    https://www.cve.org/CVERecord?id=CVE-2022-3520
    https://www.cve.org/CVERecord?id=CVE-2022-3491
    https://www.cve.org/CVERecord?id=CVE-2022-4292
    https://www.cve.org/CVERecord?id=CVE-2022-4293
  (* Security fix *)
patches/packages/vim-gvim-9.0.1034-x86_64-1_slack15.0.txz:  Upgraded.
 2022-12-09 13:30:05 +01:00